Defer case-sensitive support to storage backend

Rather than enforce lowercase paths for all drivers, support for
case-sensitivity has been deferred to the driver. There are a few caveats to
this approach:

1. There are possible security implications for tags that only differ in their
case. For instance, a tag "A" may be equivalent to tag "a" on certain file
system backends.
2. All system paths should not use case-sensitive identifiers where possible.
This might be problematic in a blob store that uses case-sensitive ids. For
now, since digest hex ids are all case-insensitive, this will not be an issue.

The recommend workaround is to not run the registry on a case-insensitive
filesystem driver in security sensitive applications.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
Stephen J Day 2015-04-07 14:14:45 -07:00
parent 434be18e35
commit e23ca5ac5f
2 changed files with 5 additions and 4 deletions

View File

@ -83,7 +83,7 @@ type StorageDriver interface {
// number of path components separated by slashes, where each component is
// restricted to lowercase alphanumeric characters or a period, underscore, or
// hyphen.
var PathRegexp = regexp.MustCompile(`^(/[a-z0-9._-]+)+$`)
var PathRegexp = regexp.MustCompile(`^(/[A-Za-z0-9._-]+)+$`)
// ErrUnsupportedMethod may be returned in the case where a StorageDriver implementation does not support an optional method.
var ErrUnsupportedMethod = errors.New("unsupported method")

View File

@ -136,7 +136,9 @@ func (suite *DriverSuite) TestValidPaths(c *check.C) {
"/.abc",
"/a--b",
"/a-.b",
"/_.abc"}
"/_.abc",
"/Docker/docker-registry",
"/Abc/Cba"}
for _, filename := range validFiles {
err := suite.StorageDriver.PutContent(filename, contents)
@ -159,8 +161,7 @@ func (suite *DriverSuite) TestInvalidPaths(c *check.C) {
"abc",
"123.abc",
"//bcd",
"/abc_123/",
"/Docker/docker-registry"}
"/abc_123/"}
for _, filename := range invalidFiles {
err := suite.StorageDriver.PutContent(filename, contents)